Security Engineer

Overview of the role:Join us at PolicyMe! We're modernizing insurance and we'd like your help. The Canadian insurance landscape has remained largely unchanged for decades and we are in the process of changing that. We're a remote-first, Toronto-based startup with big ambitions.
About the roleAs a Security Engineer, you’ll play a foundational role in shaping how we protect our platform, data, and customers. You’ll work across the stack from application security to infrastructure hardening and incident response. This is a high-impact, high-autonomy role where you’ll have the space to build smart systems and strong foundations from the ground up.
Our tech stack: React, Redux, Python, Webpack, Gatsby, Node.js, PostgreSQL, AWS

What you'll be doing:

• Design & implement foundational security architecture across infrastructure, cloud, endpoints, and applications. Familiarity with AWS suite of services including Security Hub, Inspector, Systems Manager, GuardDuty, CloudTrail, etc.
• Own threat modeling, vulnerability management, and secure coding practices in partnership with engineering teams.
• Deploy and manage security tools such as SIEM, EDR, and IAM solutions. Setup proper monitoring and alerting mechanisms.
• Establish and enforce security policies & controls across systems and workflows. Incorporate OWASP Top Ten and OWASP API Top Ten counter-measures.
• Lead incident response efforts, including detection, triage, resolution, and post-mortems.
• Conduct internal audits & prepare for external audits (SOC 2, etc).
• Train and evangelize security best practices across technical and non-technical teams.
• Help define and grow the security roadmap in line with business and regulatory priorities.

What we are looking for:

• Experienced in security engineering. 5+ years of hands-on experience with infrastructure and/or application security in production environments
• Builder and breaker mindset. Ability to think like an attacker while building systems that are resilient, secure, and scalable
• Excellent communicator. You collaborate well across teams and can explain security risks without creating fear or friction
• Startup-ready. Comfortable working in a fast-paced, high-ownership environment where you’ll wear multiple hats

Reports To: DevOpsSec Manager

Why join us:

• Generous PTO - 20 vacation days
• Access to stock options and a comprehensive benefits plan
• A remote-first team with company paid, in-person socials and the option to work from our Toronto-based office
• Resources to help your professional development, including an L&D budget, performance reviews twice a year and ongoing feedback to ensure you reach your highest potential
• Work with an empathetic, high-performing team in a flexible, results-oriented environment

About PolicyMe:PolicyMe is a Venture-Backed InsurTech startup on a mission to put families first, protecting them with the honest and uncomplicated life insurance they deserve. Through technology, PolicyMe is streamlining the traditional insurance process, removing barriers and inefficiencies to deliver a fully-underwritten life insurance policy that families deserve but with fewer steps and lower costs. PolicyMe makes it easy to get a quote and apply for term life insurance online in 20 minutes or less. Since our launch in 2018, we have grown exponentially, selling over $1 billion in life insurance coverage to Canadians.PolicyMe was also most recently voted as one of Canada's 50 Most Impactful Companies of 2021, and has been mentioned in BetaKit, National Post, the Global & Mail, Global News and more. If you're interested in being considered for this opportunity, please submit a resume.
Commitment to Equal Opportunity:PolicyMe is proud to be an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, or disability status. We thank all applicants for their interest, however, only those selected for an interview will be contacted.
Accessibility Statement:PolicyMe is dedicated to ensuring an accessible experience for all candidates. If you require accommodations during the application process, please let us know in the "Additional Information" section of the job application. We are committed to working with you to provide support and make reasonable adjustments throughout the process.